tiagocpontesp/quickpay.php

## quickpay.php
<?php
	/*
		WP E-commerce Merchant Gateway for QuickPay.dk
		Version 1.1

		For help and support, please go to http://www.quickpay.dk

		Changelog:
		12-12-2011 by UF from http://wpkonsulent.dk
		Added rounding for odd ørebeløb, since WPEC doesn't do it.
		14-11-2011 by UF from http://wpkonsulent.dk
		Cancelled payments no longer triggers a purchase report to be sent by email.
		Changed the entire flow regarding cancel/continue/callback URLs.
		Added test mode.
		Fixed bug with accepted payments showing up as "Order received".
		Minor optimization of control panel.
		Clean-up of code for better readability and more correct HTML.
		Added cardtypelock = 'creditcard' which supposedly should have a positive effect on conversions.
	*/

	$nzshpcrt_gateways[$num]['name'] = 'QuickPay';
	$nzshpcrt_gateways[$num]['internalname'] = 'QuickPay';
	$nzshpcrt_gateways[$num]['function'] = 'nzshpcrt_quickpay_gateway';
	$nzshpcrt_gateways[$num]['form'] = "nzshpcrt_quickpay_form";
	$nzshpcrt_gateways[$num]['submit_function'] = "nzshpcrt_quickpay_form_submit";

	// Set default values.
	if(!get_option('quickpay_language') <> '')
		update_option('quickpay_language', 'en');

	if(!get_option('quickpay_currency') <> '')
		update_option('quickpay_currency', 'EUR');

	if(!get_option('quickpay_keepbasket') <> '')
		update_option('quickpay_keepbasket', '0');

	if(!get_option('quickpay_autocapture') <> '')
		update_option('quickpay_autocapture', '0');

	if(!get_option('quickpay_testmode') <> '')
		update_option('quickpay_testmode', '0');

	// Displays the settings from within the WPEC control panel.
	function nzshpcrt_quickpay_form()
	{
		// Get stored values.
		$merchantid = get_option('quickpay_merchantid');
		$md5secret = get_option('quickpay_md5secret');
		$language = get_option('quickpay_language');
		$autocapture = get_option('quickpay_autocapture');
		$currency = get_option('quickpay_currency');
		$keepbasket = get_option('quickpay_keepbasket');
		$testmode = get_option('quickpay_testmode');

		// Generate output.
		$output = '<tr><td colspan="2" style="text-align:center;"><br/><a href="http://quickpay.dk/?setlang=en" target="_blank"><img src="http://quickpay.dk/gfx/quickpay.gif"></a><br/><br/></td></tr>';

		// Merchant ID.
		$output .= '<tr><td><label for="quickpay_merchantid">Merchant ID</label></td>';
		$output .= '<td><input name="quickpay_merchantid" type="text" value="' . $merchantid . '"/>
				    <p><small>This is your unique ID, which the system uses to identify you.</small></p></td></tr>';

		// MD5 Secret.
		$output .= '<tr><td><label for="quickpay_md5secret">MD5 Secret</label></td>';
		$output .= '<td><input name="quickpay_md5secret" type="text" value="' . $md5secret . '"/>
					<p><small>This is the unique MD5 secret key, which the system uses to verify your transactions.</small></p></td></tr>';

		// Language.
		$languages = array(array('da', 'Danish'), array('de', 'German'), array('en', 'English'), array('fr', 'French'), array('it', 'Italian'), array('no', 'Norwegian'), array('nl', 'Dutch'), array('pl', 'Polish'), array('se', 'Swedish'));
		$output .= '<tr><td><label for="quickpay_language">Payment Window Language</label></td><td>';
		$output .= "<select name='quickpay_language'>";

		foreach($languages as $lang)
		{
			$output .= '<option value="' . $lang[0] . '"';

			if($language == $lang[0])
				$output .= ' selected="selected"';

			$output .= '>' . $lang[0] . ' - ' . $lang[1] . '</option>';
		}

		$output .= '</select>';
		$output .= '<p><small>Choose which language the transaction window will use.</small></p>';
		$output .= '</td></tr>';

		// Currency.
		$currencies = array('EUR', 'DKK', 'USD');
		$output .= '<tr><td><label for="quickpay_currency">Currency</label></td><td>';

		foreach($currencies as $curr)
		{
			$output .= '<input name="quickpay_currency" value="' . $curr . '" type="radio"';

			if($currency == $curr)
				$output .= ' checked="checked"';

			$output .= '/>' . $curr . '<br/>';
		}

		$output .= '<p><small>Choose your currency. Please make sure to use the same currency as in your WP E-Commerce currency settings.</small></p></td></tr>';

		// Automatic capture on/off.
		$output .= '<tr><td><label for="quickpay_autocapture">Automatic capture</label></td><td>';

		if($autocapture == '0')
			$output .= '<input name="quickpay_autocapture" value="0" checked="checked" type="radio"/>Off<br/>';
		else
			$output .= '<input name="quickpay_autocapture" value="0" type="radio"/>Off<br/>';

		if($autocapture == '1')
			$output .= '<input name="quickpay_autocapture" value="1" checked="checked" type="radio"/>On<br/>';
		else
			$output .= '<input name="quickpay_autocapture" value="1" type="radio"/>On<br/>';

		$output .= '<p><small>Automatic Capture means you will automatically deduct the amount from the customer.</small></p></td></tr>';

		// Test mode on/off.
		$output .= '<tr><td><label for="quickpay_testmode">Test mode</label></td><td>';

		if($testmode == '0')
			$output .= '<input name="quickpay_testmode" value="0" checked="checked" type="radio"/>Off<br/>';
		else
			$output .= '<input name="quickpay_testmode" value="0" type="radio">Off<br/>';

		if($testmode == '1')
			$output .= '<input name="quickpay_testmode" value="1" checked="checked" type="radio"/>On<br/>';
		else
			$output .= '<input name="quickpay_testmode" value="1" type="radio"/>On<br/>';

		$output .= '<p><small>Enables or disables test mode. Remember to disable when your shop goes live!</small></p></td></tr>';

		// Usability setting, Keep Basket Contents.
		$output .= '<tr><td colspan="2"><strong>Usability Settings</strong></td></tr>';
		$output .= '<tr><td><label for="quickpay_keepbasket">Keep contents of basket on failure?</label></td><td>';

		if($keepbasket == '1')
			$output .= '<input name="quickpay_keepbasket" value="1" checked="checked" type="checkbox">';
		else
			$output .= '<input name="quickpay_keepbasket" value="1" type="checkbox">';

		$output .= '<p><small>If a transaction fails or is cancelled and the user returns to your webshop, do you wish the contents of the users shopping basket to be kept? Otherwise it will be emptied.</small></p></td></tr>';

		return $output;
	}

	// Validates and saves the settings from within the WPEC control panel.
	function nzshpcrt_quickpay_form_submit()
	{
		if($_POST['quickpay_merchantid'] != null)
			update_option('quickpay_merchantid', $_POST['quickpay_merchantid']);

		if($_POST['quickpay_md5secret'] != null)
			update_option('quickpay_md5secret', $_POST['quickpay_md5secret']);

		if($_POST['quickpay_language'] != null)
			update_option('quickpay_language', $_POST['quickpay_language']);

		if($_POST['quickpay_autocapture'] != null)
			update_option('quickpay_autocapture', $_POST['quickpay_autocapture']);

		if($_POST['quickpay_currency'] != null)
			update_option('quickpay_currency', $_POST['quickpay_currency']);

		if($_POST['quickpay_keepbasket'] == '1')
			update_option('quickpay_keepbasket', '1');
		else
			update_option('quickpay_keepbasket', '0');

		if($_POST['quickpay_testmode'] == '1')
			update_option('quickpay_testmode', '1');
		else
			update_option('quickpay_testmode', '0');

		return true;
	}

	function nzshpcrt_quickpay_get_cancelurl($transaction_id, $session_id)
	{
		$cancelurl = get_option('shopping_cart_url');

		$params = array('quickpay_cancel' => '1', 'transaction_id' => $transaction_id, 'sessionid' => $session_id);
		return add_query_arg($params, $cancelurl);
	}

	function nzshpcrt_quickpay_get_accepturl($transaction_id, $session_id)
	{
		$accepturl = get_option('transact_url');

		$params = array('quickpay_accept' => '1', 'transaction_id' => $transaction_id, 'sessionid' => $session_id);
		return add_query_arg($params, $accepturl);
	}

	function nzshpcrt_quickpay_get_callbackurl($transaction_id, $session_id)
	{
		$callbackurl = get_option('siteurl');

		$params = array('quickpay_callback' => '1', 'transaction_id' => $transaction_id, 'sessionid' => $session_id);
		return add_query_arg($params, $callbackurl);

		// If you need to test callbacks on a non-public URL (like localhost), my suggestion is that you upload a script that dumps all POST values to a file to a public URL and specify that URL here.
		// Then you can use the values from that file to test the callback (see comments in nzshpcrt_quickpay_callback).
	}

	// Prepares the data and sends order details to the Quickpay payment window.
	function nzshpcrt_quickpay_gateway($seperator, $sessionid)
	{
		global $wpdb, $wpsc_cart;

		$payurl = 'https://secure.quickpay.dk/form/';
		$protocol = '3';
		$msgtype = 'authorize';
		$merchant = get_option('quickpay_merchantid');
		$language = get_option('quickpay_language');
		$currency = get_option('quickpay_currency');
		$autocapture = get_option('quickpay_autocapture');
		$md5secret = get_option('quickpay_md5secret');
		$cardtypelock = 'creditcard';
		$testmode = get_option('quickpay_testmode');

		$ordernumber = 'WPEC' . $wpdb->get_var("SELECT id FROM " . WPSC_TABLE_PURCHASE_LOGS . " WHERE sessionid = '$sessionid' LIMIT 1;");

		if(strlen($ordernumber) > 20)
			$ordernumber = time();

		$amount	= round($wpsc_cart->total_price, 2) * 100;
		$transaction_id = uniqid(md5(rand(1, 666)), true); // Set the transaction id to a unique value for reference in the system.

		$wpdb->query("UPDATE " . WPSC_TABLE_PURCHASE_LOGS . " SET processed = '1', transactid = '" . $transaction_id . "', date = '" . time() . "' WHERE sessionid = " . $sessionid . " LIMIT 1");

		$callbackurl = nzshpcrt_quickpay_get_callbackurl($transaction_id, $sessionid);
		$continueurl = nzshpcrt_quickpay_get_accepturl($transaction_id, $sessionid);
		$cancelurl = nzshpcrt_quickpay_get_cancelurl($transaction_id, $sessionid);

		$md5check = md5($protocol . $msgtype . $merchant . $language . $ordernumber . $amount . $currency . $continueurl . $cancelurl . $callbackurl . $autocapture . $cardtypelock . $testmode . $md5secret);

		// Generate the form output.
		$output = "<div style=\"display:none;\">
		<form id=\"quickpay_form\" name=\"quickpay_form\" action=\"$payurl\" method=\"post\">
		<input type=\"hidden\" name=\"protocol\" value=\"$protocol\"/>
		<input type=\"hidden\" name=\"msgtype\" value=\"$msgtype\"/>
		<input type=\"hidden\" name=\"merchant\" value=\"$merchant\"/>
		<input type=\"hidden\" name=\"language\" value=\"$language\"/>
		<input type=\"hidden\" name=\"ordernumber\" value=\"$ordernumber\"/>
		<input type=\"hidden\" name=\"amount\" value=\"$amount\"/>
		<input type=\"hidden\" name=\"currency\" value=\"$currency\"/>
		<input type=\"hidden\" name=\"continueurl\" value=\"$continueurl\"/>
		<input type=\"hidden\" name=\"cancelurl\" value=\"$cancelurl\"/>
		<input type=\"hidden\" name=\"callbackurl\" value=\"$callbackurl\"/>
		<input type=\"hidden\" name=\"autocapture\" value=\"$autocapture\"/>
		<input type=\"hidden\" name=\"cardtypelock\" value=\"$cardtypelock\"/>
		<input type=\"hidden\" name=\"testmode\" value=\"$testmode\"/>
		<input type=\"hidden\" name=\"md5check\" value=\"$md5check\"/>
		<input type=\"submit\" value=\"Pay\"/>
		</form>
		</div>";

		echo $output;
		echo "<script language=\"javascript\" type=\"text/javascript\">document.getElementById('quickpay_form').submit();</script>";
		echo "Please wait..";
		exit();
	}

	// Process the callback and replies from QuickPay.
	function nzshpcrt_quickpay_callback()
	{
		global $wpdb;

		$transaction_id = trim(stripslashes($_GET['transaction_id']));
		$sessionid = trim(stripslashes($_GET['sessionid']));

		$is_callback = false;

		if((isset($_GET['quickpay_callback']) && $_GET['quickpay_callback'] == '1'))
			$is_callback = true;

		// If you need to test callbacks on a non-public URL (like localhost), set this to true and uncomment.
		//$is_callback = true;

		// Process the callback.
		if($is_callback == true)
		{
			// Only enter this block if status code from QuickPay is 000 = Approved.
			if($_POST['qpstat'] == '000')
			{
				$md5 = $_POST['md5check'];

				// If you need to test callbacks on a non-public URL (like localhost), set this to the actual MD5 value and uncomment.
				//$md5 = '5f10ba30f47545d432789d9f7eb5dd84';

				// Check if MD5 check has been posted back to us. If so, validate it.
				if(!empty($md5))
				{
					$new_transaction = $_POST['transaction'];
					$merchant = get_option('quickpay_merchantid');
					$currency = get_option('quickpay_currency');
					$secret = get_option('quickpay_md5secret');
					$ordernumber = "WPEC" . $wpdb->get_var("SELECT id FROM " . WPSC_TABLE_PURCHASE_LOGS . " WHERE sessionid = '$sessionid' LIMIT 1;");
					$amount = $_POST['amount'];
					$msgtype = $_POST['msgtype'];
					$new_transaction = $_POST['transaction'];
					$time = $_POST['time'];
					$state = $_POST['state'];
					$qpstat = $_POST['qpstat'];
					$qpstatmsg = $_POST['qpstatmsg'];
					$chstat = $_POST['chstat'];
					$chstatmsg  = $_POST['chstatmsg'];
					$merchant = $_POST['merchant'];
					$merchantemail = $_POST['merchantemail'];
					$cardtype = $_POST['cardtype'];
					$cardnumber = $_POST['cardnumber'];
					$fee = $_POST['fee'];

					// If you need to test callbacks on a non-public URL (like localhost), set these to the actual values and uncomment.
					/*$msgtype = 'authorize';
					$new_transaction = '37028170';
					$time = '111114172159';
					$state = '1';
					$qpstat = '000';
					$qpstatmsg = 'OK';
					$chstat = '000';
					$chstatmsg  = 'OK';
					$merchant = 'Quickpay demoshop';
					$merchantemail = 'demo@quickpay.net';
					$cardtype = 'dankort';
					$cardnumber = 'XXXXXXXXXXXX0001';
					$fee = '163';*/

					$md5check = md5($msgtype . $ordernumber . $amount . $currency . $time . $state . $qpstat . $qpstatmsg . $chstat . $chstatmsg . $merchant . $merchantemail . $new_transaction . $cardtype . $cardnumber . $fee . $secret);

					if($md5 == $md5check)
					{
						// Order is accepted.
						$wpdb->query("UPDATE " . WPSC_TABLE_PURCHASE_LOGS . " SET processed = '3', transactid = '" . $new_transaction . "', date = '" . time() . "', notes = 'Payment approved at QuickPay with transaction id " . $new_transaction . ", card type " . $cardtype . ", amount " . $amount . "' WHERE sessionid = " . $sessionid . " LIMIT 1");
					}
				}
			}

			exit();
		}

		// Process cancellation.
		if((isset($_GET['quickpay_cancel']) && $_GET['quickpay_cancel'] == '1'))
		{
			// Check and process "Keep contents of basket on failure?".
			if(get_option('quickpay_keepbasket') != '1')
			{
				$log_id = $wpdb->get_var("SELECT id FROM " . WPSC_TABLE_PURCHASE_LOGS . " WHERE sessionid = '$sessionid' LIMIT 1");
				$delete_log_form_sql = "SELECT * FROM " . WPSC_TABLE_CART_CONTENTS . " WHERE purchaseid = '$log_id'";

				$cart_content = $wpdb->get_results($delete_log_form_sql, ARRAY_A);

				foreach((array)$cart_content as $cart_item)
				{
					$wpdb->query("DELETE FROM " . WPSC_TABLE_CART_ITEM_VARIATIONS . " WHERE cart_id = '" . $cart_item['id'] . "'");
				}

				$wpdb->query("DELETE FROM " . WPSC_TABLE_CART_CONTENTS . " WHERE purchaseid = '$log_id'");
				$wpdb->query("DELETE FROM " . WPSC_TABLE_SUBMITED_FORM_DATA . " WHERE log_id IN ('$log_id')");
				$wpdb->query("DELETE FROM " . WPSC_TABLE_PURCHASE_LOGS . " WHERE id = '$log_id' LIMIT 1");
			}
		}
	}

	// Hook up to process the replies from QuickPay.
	add_action('init', 'nzshpcrt_quickpay_callback');
?>
	<?php
	/*
	WP E-commerce Merchant Gateway for QuickPay.dk
	Version 1.1

	For help and support, please go to http://www.quickpay.dk

	Changelog:
	12-12-2011 by UF from http://wpkonsulent.dk
	Added rounding for odd ørebeløb, since WPEC doesn't do it.
	14-11-2011 by UF from http://wpkonsulent.dk
	Cancelled payments no longer triggers a purchase report to be sent by email.
	Changed the entire flow regarding cancel/continue/callback URLs.
	Added test mode.
	Fixed bug with accepted payments showing up as "Order received".
	Minor optimization of control panel.
	Clean-up of code for better readability and more correct HTML.
	Added cardtypelock = 'creditcard' which supposedly should have a positive effect on conversions.
	*/

	$nzshpcrt_gateways[$num]['name'] = 'QuickPay';
	$nzshpcrt_gateways[$num]['internalname'] = 'QuickPay';
	$nzshpcrt_gateways[$num]['function'] = 'nzshpcrt_quickpay_gateway';
	$nzshpcrt_gateways[$num]['form'] = "nzshpcrt_quickpay_form";
	$nzshpcrt_gateways[$num]['submit_function'] = "nzshpcrt_quickpay_form_submit";

	// Set default values.
	if(!get_option('quickpay_language') <> '')
	update_option('quickpay_language', 'en');

	if(!get_option('quickpay_currency') <> '')
	update_option('quickpay_currency', 'EUR');

	if(!get_option('quickpay_keepbasket') <> '')
	update_option('quickpay_keepbasket', '0');

	if(!get_option('quickpay_autocapture') <> '')
	update_option('quickpay_autocapture', '0');

	if(!get_option('quickpay_testmode') <> '')
	update_option('quickpay_testmode', '0');

	// Displays the settings from within the WPEC control panel.
	function nzshpcrt_quickpay_form()
	{
	// Get stored values.
	$merchantid = get_option('quickpay_merchantid');
	$md5secret = get_option('quickpay_md5secret');
	$language = get_option('quickpay_language');
	$autocapture = get_option('quickpay_autocapture');
	$currency = get_option('quickpay_currency');
	$keepbasket = get_option('quickpay_keepbasket');
	$testmode = get_option('quickpay_testmode');

	// Generate output.
	$output = '<tr><td colspan="2" style="text-align:center;"><br/><a href="http://quickpay.dk/?setlang=en" target="_blank"><img src="http://quickpay.dk/gfx/quickpay.gif"></a><br/><br/></td></tr>';

	// Merchant ID.
	$output .= '<tr><td><label for="quickpay_merchantid">Merchant ID</label></td>';
	$output .= '<td><input name="quickpay_merchantid" type="text" value="' . $merchantid . '"/>
	<p><small>This is your unique ID, which the system uses to identify you.</small></p></td></tr>';

	// MD5 Secret.
	$output .= '<tr><td><label for="quickpay_md5secret">MD5 Secret</label></td>';
	$output .= '<td><input name="quickpay_md5secret" type="text" value="' . $md5secret . '"/>
	<p><small>This is the unique MD5 secret key, which the system uses to verify your transactions.</small></p></td></tr>';

	// Language.
	$languages = array(array('da', 'Danish'), array('de', 'German'), array('en', 'English'), array('fr', 'French'), array('it', 'Italian'), array('no', 'Norwegian'), array('nl', 'Dutch'), array('pl', 'Polish'), array('se', 'Swedish'));
	$output .= '<tr><td><label for="quickpay_language">Payment Window Language</label></td><td>';
	$output .= "<select name='quickpay_language'>";

	foreach($languages as $lang)
	{
	$output .= '<option value="' . $lang[0] . '"';

	if($language == $lang[0])
	$output .= ' selected="selected"';

	$output .= '>' . $lang[0] . ' - ' . $lang[1] . '</option>';
	}

	$output .= '</select>';
	$output .= '<p><small>Choose which language the transaction window will use.</small></p>';
	$output .= '</td></tr>';

	// Currency.
	$currencies = array('EUR', 'DKK', 'USD');
	$output .= '<tr><td><label for="quickpay_currency">Currency</label></td><td>';

	foreach($currencies as $curr)
	{
	$output .= '<input name="quickpay_currency" value="' . $curr . '" type="radio"';

	if($currency == $curr)
	$output .= ' checked="checked"';

	$output .= '/>' . $curr . '<br/>';
	}

	$output .= '<p><small>Choose your currency. Please make sure to use the same currency as in your WP E-Commerce currency settings.</small></p></td></tr>';

	// Automatic capture on/off.
	$output .= '<tr><td><label for="quickpay_autocapture">Automatic capture</label></td><td>';

	if($autocapture == '0')
	$output .= '<input name="quickpay_autocapture" value="0" checked="checked" type="radio"/>Off<br/>';
	else
	$output .= '<input name="quickpay_autocapture" value="0" type="radio"/>Off<br/>';

	if($autocapture == '1')
	$output .= '<input name="quickpay_autocapture" value="1" checked="checked" type="radio"/>On<br/>';
	else
	$output .= '<input name="quickpay_autocapture" value="1" type="radio"/>On<br/>';

	$output .= '<p><small>Automatic Capture means you will automatically deduct the amount from the customer.</small></p></td></tr>';

	// Test mode on/off.
	$output .= '<tr><td><label for="quickpay_testmode">Test mode</label></td><td>';

	if($testmode == '0')
	$output .= '<input name="quickpay_testmode" value="0" checked="checked" type="radio"/>Off<br/>';
	else
	$output .= '<input name="quickpay_testmode" value="0" type="radio">Off<br/>';

	if($testmode == '1')
	$output .= '<input name="quickpay_testmode" value="1" checked="checked" type="radio"/>On<br/>';
	else
	$output .= '<input name="quickpay_testmode" value="1" type="radio"/>On<br/>';

	$output .= '<p><small>Enables or disables test mode. Remember to disable when your shop goes live!</small></p></td></tr>';

	// Usability setting, Keep Basket Contents.
	$output .= '<tr><td colspan="2"><strong>Usability Settings</strong></td></tr>';
	$output .= '<tr><td><label for="quickpay_keepbasket">Keep contents of basket on failure?</label></td><td>';

	if($keepbasket == '1')
	$output .= '<input name="quickpay_keepbasket" value="1" checked="checked" type="checkbox">';
	else
	$output .= '<input name="quickpay_keepbasket" value="1" type="checkbox">';

	$output .= '<p><small>If a transaction fails or is cancelled and the user returns to your webshop, do you wish the contents of the users shopping basket to be kept? Otherwise it will be emptied.</small></p></td></tr>';

	return $output;
	}

	// Validates and saves the settings from within the WPEC control panel.
	function nzshpcrt_quickpay_form_submit()
	{
	if($_POST['quickpay_merchantid'] != null)
	update_option('quickpay_merchantid', $_POST['quickpay_merchantid']);

	if($_POST['quickpay_md5secret'] != null)
	update_option('quickpay_md5secret', $_POST['quickpay_md5secret']);

	if($_POST['quickpay_language'] != null)
	update_option('quickpay_language', $_POST['quickpay_language']);

	if($_POST['quickpay_autocapture'] != null)
	update_option('quickpay_autocapture', $_POST['quickpay_autocapture']);

	if($_POST['quickpay_currency'] != null)
	update_option('quickpay_currency', $_POST['quickpay_currency']);

	if($_POST['quickpay_keepbasket'] == '1')
	update_option('quickpay_keepbasket', '1');
	else
	update_option('quickpay_keepbasket', '0');

	if($_POST['quickpay_testmode'] == '1')
	update_option('quickpay_testmode', '1');
	else
	update_option('quickpay_testmode', '0');

	return true;
	}

	function nzshpcrt_quickpay_get_cancelurl($transaction_id, $session_id)
	{
	$cancelurl = get_option('shopping_cart_url');

	$params = array('quickpay_cancel' => '1', 'transaction_id' => $transaction_id, 'sessionid' => $session_id);
	return add_query_arg($params, $cancelurl);
	}

	function nzshpcrt_quickpay_get_accepturl($transaction_id, $session_id)
	{
	$accepturl = get_option('transact_url');

	$params = array('quickpay_accept' => '1', 'transaction_id' => $transaction_id, 'sessionid' => $session_id);
	return add_query_arg($params, $accepturl);
	}

	function nzshpcrt_quickpay_get_callbackurl($transaction_id, $session_id)
	{
	$callbackurl = get_option('siteurl');

	$params = array('quickpay_callback' => '1', 'transaction_id' => $transaction_id, 'sessionid' => $session_id);
	return add_query_arg($params, $callbackurl);

	// If you need to test callbacks on a non-public URL (like localhost), my suggestion is that you upload a script that dumps all POST values to a file to a public URL and specify that URL here.
	// Then you can use the values from that file to test the callback (see comments in nzshpcrt_quickpay_callback).
	}

	// Prepares the data and sends order details to the Quickpay payment window.
	function nzshpcrt_quickpay_gateway($seperator, $sessionid)
	{
	global $wpdb, $wpsc_cart;

	$payurl = 'https://secure.quickpay.dk/form/';
	$protocol = '3';
	$msgtype = 'authorize';
	$merchant = get_option('quickpay_merchantid');
	$language = get_option('quickpay_language');
	$currency = get_option('quickpay_currency');
	$autocapture = get_option('quickpay_autocapture');
	$md5secret = get_option('quickpay_md5secret');
	$cardtypelock = 'creditcard';
	$testmode = get_option('quickpay_testmode');

	$ordernumber = 'WPEC' . $wpdb->get_var("SELECT id FROM " . WPSC_TABLE_PURCHASE_LOGS . " WHERE sessionid = '$sessionid' LIMIT 1;");

	if(strlen($ordernumber) > 20)
	$ordernumber = time();

	$amount = round($wpsc_cart->total_price, 2) * 100;
	$transaction_id = uniqid(md5(rand(1, 666)), true); // Set the transaction id to a unique value for reference in the system.

	$wpdb->query("UPDATE " . WPSC_TABLE_PURCHASE_LOGS . " SET processed = '1', transactid = '" . $transaction_id . "', date = '" . time() . "' WHERE sessionid = " . $sessionid . " LIMIT 1");

	$callbackurl = nzshpcrt_quickpay_get_callbackurl($transaction_id, $sessionid);
	$continueurl = nzshpcrt_quickpay_get_accepturl($transaction_id, $sessionid);
	$cancelurl = nzshpcrt_quickpay_get_cancelurl($transaction_id, $sessionid);

	$md5check = md5($protocol . $msgtype . $merchant . $language . $ordernumber . $amount . $currency . $continueurl . $cancelurl . $callbackurl . $autocapture . $cardtypelock . $testmode . $md5secret);

	// Generate the form output.
	$output = "<div style=\"display:none;\">
	<form id=\"quickpay_form\" name=\"quickpay_form\" action=\"$payurl\" method=\"post\">
	<input type=\"hidden\" name=\"protocol\" value=\"$protocol\"/>
	<input type=\"hidden\" name=\"msgtype\" value=\"$msgtype\"/>
	<input type=\"hidden\" name=\"merchant\" value=\"$merchant\"/>
	<input type=\"hidden\" name=\"language\" value=\"$language\"/>
	<input type=\"hidden\" name=\"ordernumber\" value=\"$ordernumber\"/>
	<input type=\"hidden\" name=\"amount\" value=\"$amount\"/>
	<input type=\"hidden\" name=\"currency\" value=\"$currency\"/>
	<input type=\"hidden\" name=\"continueurl\" value=\"$continueurl\"/>
	<input type=\"hidden\" name=\"cancelurl\" value=\"$cancelurl\"/>
	<input type=\"hidden\" name=\"callbackurl\" value=\"$callbackurl\"/>
	<input type=\"hidden\" name=\"autocapture\" value=\"$autocapture\"/>
	<input type=\"hidden\" name=\"cardtypelock\" value=\"$cardtypelock\"/>
	<input type=\"hidden\" name=\"testmode\" value=\"$testmode\"/>
	<input type=\"hidden\" name=\"md5check\" value=\"$md5check\"/>
	<input type=\"submit\" value=\"Pay\"/>
	</form>
	</div>";

	echo $output;
	echo "<script language=\"javascript\" type=\"text/javascript\">document.getElementById('quickpay_form').submit();</script>";
	echo "Please wait..";
	exit();
	}

	// Process the callback and replies from QuickPay.
	function nzshpcrt_quickpay_callback()
	{
	global $wpdb;

	$transaction_id = trim(stripslashes($_GET['transaction_id']));
	$sessionid = trim(stripslashes($_GET['sessionid']));

	$is_callback = false;

	if((isset($_GET['quickpay_callback']) && $_GET['quickpay_callback'] == '1'))
	$is_callback = true;

	// If you need to test callbacks on a non-public URL (like localhost), set this to true and uncomment.
	//$is_callback = true;

	// Process the callback.
	if($is_callback == true)
	{
	// Only enter this block if status code from QuickPay is 000 = Approved.
	if($_POST['qpstat'] == '000')
	{
	$md5 = $_POST['md5check'];

	// If you need to test callbacks on a non-public URL (like localhost), set this to the actual MD5 value and uncomment.
	//$md5 = '5f10ba30f47545d432789d9f7eb5dd84';

	// Check if MD5 check has been posted back to us. If so, validate it.
	if(!empty($md5))
	{
	$new_transaction = $_POST['transaction'];
	$merchant = get_option('quickpay_merchantid');
	$currency = get_option('quickpay_currency');
	$secret = get_option('quickpay_md5secret');
	$ordernumber = "WPEC" . $wpdb->get_var("SELECT id FROM " . WPSC_TABLE_PURCHASE_LOGS . " WHERE sessionid = '$sessionid' LIMIT 1;");
	$amount = $_POST['amount'];
	$msgtype = $_POST['msgtype'];
	$new_transaction = $_POST['transaction'];
	$time = $_POST['time'];
	$state = $_POST['state'];
	$qpstat = $_POST['qpstat'];
	$qpstatmsg = $_POST['qpstatmsg'];
	$chstat = $_POST['chstat'];
	$chstatmsg = $_POST['chstatmsg'];
	$merchant = $_POST['merchant'];
	$merchantemail = $_POST['merchantemail'];
	$cardtype = $_POST['cardtype'];
	$cardnumber = $_POST['cardnumber'];
	$fee = $_POST['fee'];

	// If you need to test callbacks on a non-public URL (like localhost), set these to the actual values and uncomment.
	/*$msgtype = 'authorize';
	$new_transaction = '37028170';
	$time = '111114172159';
	$state = '1';
	$qpstat = '000';
	$qpstatmsg = 'OK';
	$chstat = '000';
	$chstatmsg = 'OK';
	$merchant = 'Quickpay demoshop';
	$merchantemail = 'demo@quickpay.net';
	$cardtype = 'dankort';
	$cardnumber = 'XXXXXXXXXXXX0001';
	$fee = '163';*/

	$md5check = md5($msgtype . $ordernumber . $amount . $currency . $time . $state . $qpstat . $qpstatmsg . $chstat . $chstatmsg . $merchant . $merchantemail . $new_transaction . $cardtype . $cardnumber . $fee . $secret);

	if($md5 == $md5check)
	{
	// Order is accepted.
	$wpdb->query("UPDATE " . WPSC_TABLE_PURCHASE_LOGS . " SET processed = '3', transactid = '" . $new_transaction . "', date = '" . time() . "', notes = 'Payment approved at QuickPay with transaction id " . $new_transaction . ", card type " . $cardtype . ", amount " . $amount . "' WHERE sessionid = " . $sessionid . " LIMIT 1");
	}
	}
	}

	exit();
	}

	// Process cancellation.
	if((isset($_GET['quickpay_cancel']) && $_GET['quickpay_cancel'] == '1'))
	{
	// Check and process "Keep contents of basket on failure?".
	if(get_option('quickpay_keepbasket') != '1')
	{
	$log_id = $wpdb->get_var("SELECT id FROM " . WPSC_TABLE_PURCHASE_LOGS . " WHERE sessionid = '$sessionid' LIMIT 1");
	$delete_log_form_sql = "SELECT * FROM " . WPSC_TABLE_CART_CONTENTS . " WHERE purchaseid = '$log_id'";

	$cart_content = $wpdb->get_results($delete_log_form_sql, ARRAY_A);

	foreach((array)$cart_content as $cart_item)
	{
	$wpdb->query("DELETE FROM " . WPSC_TABLE_CART_ITEM_VARIATIONS . " WHERE cart_id = '" . $cart_item['id'] . "'");
	}

	$wpdb->query("DELETE FROM " . WPSC_TABLE_CART_CONTENTS . " WHERE purchaseid = '$log_id'");
	$wpdb->query("DELETE FROM " . WPSC_TABLE_SUBMITED_FORM_DATA . " WHERE log_id IN ('$log_id')");
	$wpdb->query("DELETE FROM " . WPSC_TABLE_PURCHASE_LOGS . " WHERE id = '$log_id' LIMIT 1");
	}
	}
	}

	// Hook up to process the replies from QuickPay.
	add_action('init', 'nzshpcrt_quickpay_callback');
	?>